Why you should root for the Black Hat Hackers

The Black Hat Hackers conference going on this week in Las Vegas looks a little more corporate than it used to – glance at the website and you might confuse it for a Google (GOOGL) or Microsoft (MSFT) developers meeting.

But read a little more closely and you'll notice that the briefing sessions don’t sound like anything you’d find at a regular tech conference. The Black Hat meetup is all about unauthorized probing of websites and apps for security vulnerabilities.

Among the dozens of presentations, some may end up being disputed or debunked by the tech companies whose products have been allegedly compromised. Other hacks prompt almost immediate action to patch the vulnerable systems. Last year, hackers took control of a Toyota (TM) Prius and intercepted mobile text messages via a portable Verizon Wireless (VZ) network extender box. Verizon patched the device.

Jesus Molina, the security expert who uncovered this year’s hotel hack, says he and many of his peers are focusing on weaknesses in the so-called Internet of Things. As more and more devices are connected to the Internet, hackers are finding far too many easy ways to break into the systems, Molina says.

Molina was staying in the St. Regis hotel in Shenzhen, China, when he got bored and discovered an easy way to hack into the hotel’s system for guests to wirelessly control their rooms via iPad. The system used an older communications protocol that was originally designed for devices connected by wires, so it had no encryption to prevent a hacker from intercepting the signals when they traveled wirelessly over the air.

Molina did only a simple trick, making all the “Do Not Disturb” signs on his floor pulse on and off like a heart beat, before reporting the problems to the hotel’s chief of security.

"If someone is able to take control of every TV in a hotel, perhaps we need to reevaluate the security of the protocols we are using to realize the (Internet of Things) promise," he says.

Hacking the famed Nest thermostats isn’t nearly as easy and required physical access to the device, according to Yier Jin, a professor of engineering at the University of Central Florida.

But with direct access, his group was able to install their own software. Malicious hackers might install a covert monitoring program but Jin brings up another possibility – protecting the user’s privacy. The Nest uploads substantial amounts of customer information to the company’s servers. Google has promised it won’t exploit the data but a hack from Jin’s team could block the seemingly unnecessary uploads altogether.

Another team from the University of Massachusetts in Lowell wrote a program to put Google Glass to nefarious use.

Thier video analysis software can track a person’s finger movements from across a room and reveal which numbers they are hitting on a keypad to enter a PIN code. The software also works from considerably farther away – 75 feet – via a simple webcam.

The software doesn’t actually need to see which numbers are pressed, professor Xinwen Fu explains. “We use the the fingertip movement to identify what is touched since a touched position corresponds to a touched key,” he says.

No word yet whether this will prompt a new wave of outrage and banning of Google’s less-than-popular high-tech glasses.